I am doing some troubleshooting for our logstash-elasticsearch setup, and I was wondering how to check if logstash is receiving any input at all.
It simply stopped creating indexes at one point, and no logs show any errors.
I tried running tcpdump on port 10516 but it seems to have no traffic.
Can I conclude from this that no data is sent to logstash for indexing?
What is your input plugin here? Moreover, you can always run Logstash in debug mode to get more details.
To run Logstash in debug mode, add --debug to your regular command. (If Linux: /usr/share/logstash/bin/logstash -f /etc/logstash/conf.d/logstash.conf --debug)
And you can check the logs to get details.
The input is the Pandora FMS server. I'm not sure how exactly it sends the data, and I'm having trouble finding details in the documentation. I'm sort of suspecting it of not even sending the data for indexing; that is why I asked if there is a way to check if Logstash is receiving anything.
In any case, the logging of Logstash is already at debug level, but the log does not show any errors; it simply repeats the same entry all the time:
[2018-03-08T09:55:28,391][DEBUG][logstash.instrument.periodicpoller.jvm] collector name {:name=>"ParNew"}
[2018-03-08T09:55:28,391][DEBUG][logstash.instrument.periodicpoller.jvm] collector name {:name=>"ConcurrentMarkSweep"}
[2018-03-08T09:55:30,679][DEBUG][logstash.pipeline ] Pushing flush onto pipeline {:pipeline_id=>"main", :thread=>"#<Thread:0xb34a76b@/usr/share/logstash/logstash-core/lib/logstash/pipeline.rb:246 sleep>"}
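
One way to answer the question asked in this thread, as an added example that is not part of any post: sample the cumulative event counters from the Logstash monitoring API twice and compare them. It assumes the API is enabled on its default address (localhost:9600); the `diagnose` helper and the sample snapshots are constructed for illustration.

```python
import json
import time
import urllib.request

# Assumption: Logstash monitoring API listening on its default address.
STATS_URL = "http://localhost:9600/_node/stats/events"


def fetch_events(url=STATS_URL):
    """Return the cumulative 'events' counters (in / filtered / out)."""
    with urllib.request.urlopen(url, timeout=5) as resp:
        return json.load(resp)["events"]


def diagnose(before, after):
    """Compare two counter snapshots and report where events stop."""
    keys = ("in", "filtered", "out")
    delta = {k: after.get(k, 0) - before.get(k, 0) for k in keys}
    if any(v < 0 for v in delta.values()):
        # Counters are per-process, so a decrease means Logstash restarted.
        return "restarted", delta
    if delta["in"] == 0:
        # Nothing reached any input plugin: look at the sender or the network.
        return "no_input", delta
    if delta["out"] == 0:
        # Events arrive but never leave: look at filters and the output side.
        return "input_not_shipped", delta
    return "flowing", delta


# Constructed sample snapshots (not taken from a real node).
SAMPLE_T0 = {"in": 1200, "filtered": 1200, "out": 1200}
SAMPLE_IDLE = {"in": 1200, "filtered": 1200, "out": 1200}
SAMPLE_STUCK = {"in": 1450, "filtered": 1325, "out": 1200}
SAMPLE_OK = {"in": 1450, "filtered": 1450, "out": 1450}

if __name__ == "__main__":
    first = fetch_events()
    time.sleep(30)  # sampling interval; pick one longer than the sender's period
    verdict, delta = diagnose(first, fetch_events())
    print(verdict, delta)
```

A `no_input` verdict together with an empty tcpdump capture on the input port points at the sender rather than at Logstash or Elasticsearch.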